Is this not a feature at all? - Note we are on a trailI have saved all of the log in information for numerous sites on our main "master" account for my company. I stored them in folders then shared them with our employees. When I went to log into the master account to check out the security challenge feature and it stated I had no sites saved. In order to check out our password strength I had to clone the credentials into a new folder that is not shared. This is very tedious if I have to do this for everything, because I just want to keep the shared folders to easily add / remove / change credentials while still being able to see how well our password strength is.

remote46 Wrote:Is this not a feature at all? - Note we are on a trailI have saved all of the log in information for numerous sites on our main "master" account for my company. I stored them in folders then shared them with our employees. When I went to log into the master account to check out the security challenge feature and it stated I had no sites saved. In order to check out our password strength I had to clone the credentials into a new folder that is not shared. This is very tedious if I have to do this for everything, because I just want to keep the shared folders to easily add / remove / change credentials while still being able to see how well our password strength is.

Hi there,

Yes this is expected.

The security check will only check against your personal entries, not any shared logins or shared folders (including family shared folders).

However, the Security Challenge does check sites stored in Shared Folders to see if they were impacted by the Heartbleed bug and alert you to whether your passwords need to be updated for those sites.

I think the reason why shared items are not included in your own security challenge is for example I can share a weak password with you and your security score will go down even if you all your own accounts are secured. Similarly if you share a strong password with me, it should not improve my security score automatically.

I've read all these posts and understand that in a limited set of circumstances you wouldn't want it to do the security check on a shared folder. But those circumstances would appear to create only an annoyance, verses not including the functionality the security check should be meant for on Enterprise size clients.

We are a medium size Business Management Firm who has hundreds of clients we manage. Now think of LastPasses own promotional materials that state the average user has over 190 logons. By that estimation we have literally tens of thousands of potential logons we manage. We got LastPass to improve the security of those managed passwords both in storage and complexity. Organizationally, a subset of credentials are going to be shared with the Account Manager responsible for a subset of clients. We want these credentials handed down from a higher level of access, to a more limited access for the Account Managers.

But with regard to this feature, there's no practical way to audit the passwords for our clients. There should be. It's a great feature that's made all the more powerful the more credentials you manage. We should be able to leverage this tool against our tens of thousands of credentials. That adds value to Lasspass.